8 ip access-list – Fortinet 548B User Manual

Page 396


access list replaces the currently attached IP access list using that sequence number. If the sequence
number is not specified for this command, a sequence number that is one greater than the highest
sequence number currently in use for this interface and direction is used.

When this command is issued in 'Interface Config' mode, it affects only a single interface, whereas in
'Global Config' mode the setting is applied to all interfaces. The VLAN keyword is valid only in
'Global Config' mode.

Syntax

ip access-group {<1-199> | <name>} [vlan <vlan-id>] in [<1-4294967295>]
no ip access-group {<1-199> | <name>} [vlan <vlan-id>] in

<1-199> The identifier of this ACL.

<name> The name of this ACL.

<vlan-id> The associated VLAN ID of this ACL.

<1-4294967295> The sequence number of this ACL.

no - This command removes an ACL by identifier or name from the interface or VLAN in a given
direction.

Default Setting

None

Command Mode

Global Config

Interface Config
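
The following is an added example, not part of the Fortinet manual: a Python pre-deployment check that models the ip access-group rules described above and reports any line that would silently replace an already attached ACL because it reuses a sequence number. The (mode, target, line) input shape, the target labels, the finding strings, treating an all-digit token as an ACL identifier, and starting at sequence 1 when none is in use are assumptions of this example.

```python
import re

# Grammar from the Syntax line above (attach form only; the 'no' form is not modelled).
CMD = re.compile(r"^ip access-group (\S+)(?: vlan (\d+))? in(?: (\d+))?$")
NAME = re.compile(r"^[A-Za-z0-9]{1,31}$")  # name rule from 'ip access-list'

def check(mode, acl, vlan, seq):
    """Return a finding string for an invalid argument, else None."""
    if acl.isdigit():  # assumption: an all-digit token is an ACL identifier
        if not 1 <= int(acl) <= 199:
            return "acl-id-range"
    elif not NAME.match(acl):
        return "acl-name"
    if vlan and mode != "global":
        return "vlan-needs-global"
    if seq is not None and not 1 <= int(seq) <= 4294967295:
        return "seq-range"
    return None

def audit(commands):
    """commands: (mode, target, line) tuples, mode 'global' or 'interface'.
    Returns (findings, attached); attached maps target -> {sequence: ACL}."""
    findings, attached = [], {}
    for n, (mode, target, line) in enumerate(commands, 1):
        m = CMD.match(line.strip())
        problem = check(mode, *m.groups()) if m else "syntax"
        if problem:
            findings.append((n, problem))
            continue
        acl, vlan, seq = m.groups()
        slot = attached.setdefault(f"vlan {vlan}" if vlan else target, {})
        # No sequence given: highest in use + 1 (assumption: 1 when none is in use).
        seq = int(seq) if seq else max(slot, default=0) + 1
        if seq in slot and slot[seq] != acl:
            findings.append((n, f"replaces {slot[seq]} at seq {seq}"))
        slot[seq] = acl  # same sequence number: the earlier attachment is gone
    return findings, attached

SAMPLE = [  # constructed input; target labels are placeholders, not device syntax
    ("interface", "port-A", "ip access-group 10 in 5"),
    ("interface", "port-A", "ip access-group mgmtIn in"),      # assigned sequence 6
    ("interface", "port-A", "ip access-group 120 in 5"),       # replaces ACL 10
    ("interface", "port-A", "ip access-group 10 vlan 20 in"),  # vlan outside Global Config
    ("global", "all", "ip access-group 200 in"),               # identifier above 199
    ("global", "all", "ip access-group guestIn vlan 20 in 1"),
]
FINDINGS, ATTACHED = audit(SAMPLE)
```

Global and per-interface attachments are tracked as separate targets here, since the text above does not describe how the two interact.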

7.22.2.8 ip access-list

Use this command to create an extended IP Access Control List (ACL) identified by <name>, consisting
of classification fields defined for the IP header of an IPv4 frame. The <name> parameter is a
case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying the IP access list.

If an IP ACL by this name already exists, this command enters IPv4-Access-List Config mode to allow
updating the existing IP ACL.

The CLI mode changes to IPv4-Access-List Configuration mode when you successfully execute this
command.

Syntax

ip access-list <name>
no ip access-list <name>
